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The  point  of  the  meetings  funded  under  this  grant  was  to  collect 
together  the  major  researchers  in  the  theoretical  and  practical  areas  of 
computer  security.  -it_was__3ur^  initial  hope  that  a dialogue  between 
theoreticians  and  practitioners'vouTd  resyVt,  that  many  results  would 
flow  from  the  meeting.  It  was  also  our  hope  that  the  papers. resulting 
from  the  meeting  would  receive  the  widest  possible  disseminatTSTr^  A 
collection  of  new  research  contributions  from  the  major  researchers  in 
computer  security  should  be  influential  as  a textbook  and  as  a reference 
work  in  the  area.  ■ i will  discuss  below,  £he  meeting  exceeded  our  ^ 
expectations  in  the  areas  cited  in  our  proposal,  and  provided  a number 
of  unexpected  dividends.  'u^ 

On  October  3,  4,  and  5,  1977  the  "Foundations  of  Secure  Computation" 
workshop  was  held  at  the "Atlanta  Townhouse  Hotel  across  from  the  Georgia 
Tech  campus.  In  attendance  were  the  following  invited  participants: 
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Timothy  Budd,  Yale  University 

James  Burns,  Georgia  Tech 

Ellis  Cohen,  University  of  Newcastle 

George  Davida,  University  of  Wisconsin 

Richard  DeMillo,  Georgia  Tech 

Dorothy  Denning,  Purdue  University 

David  Dobkin,  University  of  Arizona 

Robert  Fabry,  University  of  California,  Berkeley 

Fredrick  Furtek,  Mitre  Corporation 

Stockton  Gaines,  Rand  Corporation 

Robert  Grafton,  ONR 

Leonard  Haines,  ONR 

Michael  Harrison,  University  of  California,  Berkeley 

Anita  Jones,  Carnegi e-Mel  Ion  University 

John  Kam,  Columbia  University 

Charles  Kline,  University  of  California,  L.A. 

Richard  Lipton,  Yale  University 
Nancy  Lynch,  Georgia  Tech 
Leonard  McNeil,  Management  Science  America 
Jonathan  Mi  lien,  Mitre  Corporation 
Naftaly  Minsky,  Rutgers  University 
Michael  Rabin,  Hebrew  University  and  MIT 
Steven  Reiss,  Brown  University 
Ronald  Rivest,  MIT 

Walter  Ruzzo,  University  of  Washington 
Norman  Shapiro,  Rand  Corporation 
Lawrence  Snyder,  Yale  University 


All  attendees  who  requested  travel  funds  were  supplied  with  grants 
which  at  least  partially  subsidized  their  expenses  in  attending  the 
meeting.  No  additional  honoraria  were  given  to  the  attendees. 
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Workshop  participants  were  asked  to  distribute  preliminary  drafts 
of  their  contributions  prior  to  the  meeting.  At  the  time  of  the 
workshop,  we  had  the  opportunity  to  review  the  written  sumnaries  pro- 
vided by  the  attendees. 

The  logistics  of  the  meeting's  technical  sessions  proved  to  be 
remarkably  simple  to  arrange.  Although  the  papers  fall  naturally  into 
four  categories  — we  will  use  these  natural  divisions  in  discussing 
the  papers  --  we  made  an  early  decision  not  to  segregate  the  papers  at 
the  workshop.  Since  a major  point  of  the  meetings  was  to  have  been 
the  cross  fertilization  between  adjacent  fields,  we  thought  that  a 
random  interleaving  of  the  papers  would  help  promote  this  attitude. 

This  technique  seemed  to  work  very  well.  The  common  situation  in  a 
conference  or  a workshop  in  which  topics  are  segregated  is  that  an 
attendee  who  does  not  perceive  himself  as  having  a specific  research 
interest  in  a particular  topic  elects  to  not  attend  that  session  or 
attends  as  a mere  observer.  With  our  technique,  attendees  are  kept 
"off  guard".  The  topics  shift  as  the  session  goes  on  and  there  is  a 
tendency  to  participate  uniformly  throughout  the  sessions.  The  struc- 
ture of  the  workshop  was  that  attendees  would  be  allocated  each  a half 
hour  for  informal  presentation  of  his  paper.  Following  these  presen- 
tations was  a fifteen  minute  discussion  session.  The  responsibility 
of  the  session  chairperson  was  to  record  the  text  of  the  discussion 
and  attempt  to  guide  its  course.  During  the  three  days  of  the 
meeting,  ample  time  was  allowed  for  informal  discussion  groups,  each 
devoted  to  specialized  topics,  and  this  aspect  appeared  to  be  enormously 
successful . 

The  afternoon  of  October  4th  was  devoted  to  a round  table  discussion 
covering  topics  raised  in  informal  and  formal  discussion  sessions.  This 
round  table  lasted  approximately  three  hours  and  was  also  recorded.  All 
discussion  topics  were  edited,  condensed,  reviewed  by  the  attendees, 
and  appear  in  the  conference  volume.  The  response  of  the  attendees 
appears  to  be  that  the  discussion  sessions  and  their  subsequent  record- 
ing was  the  most  successful  aspect  of  the  meeting. 

The  papers  presented  at  the  meeting  fall  naturally  into  those 
dealing  with  database  security,  encryption,  practical  aspects  of  oper- 
ating systems  security,  and  theoretical  aspects  of  operating  systems 
security.  I will  give  a brief  description  of  what  resulted  in  each  of 
these  four  areas. 


Database  Security 


1.  "A  View  of  Research  and  Statistical  Database  Security"  by 
Dorothy  Denning 


2.  "Combinatorial  Inference"  by  Richard  DeMillo,  David  Dobkin 
and  Richard  Lipton 


3.  "Database  System  Authorization"  by  Don  Chamberlain,  Jim  Graves 
Patricia  Griffiths,  Moishe  Miesse,  Irv  Traiger,  Bradford  Wade 
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4.  "Mediams  in  Database  Security"  by  Steven  Reiss 

The  four  papers  concerning  database  security  addressed  tradeoffs 
between  usability  and  security.  Dorothy  Denning's  survey  of  statis- 
tical database  security  reminds  us  how  far  we  have  come  in  realizing 
the  limits  of  the  notion  of  database  security.  The  usual  methods  of 
compromising  large  statistical  databases  almost  always  involve  trans- 
parent uses  of  information  delivered  in  responses  to  queries.  The 
article  by  Richard  DeMillo,  David  Dobkin  and  Richard  Lipton  discusses 
the  more  subtle  kinds  of  combinatorial  inferences  which  can  be  formed 
out  of  query  responses.  Compromising  the  statistical  sense  is  not  the 
only  security  problem  in  database  design.  The  pragmatic  issues  stemming 
from  the  authorization  of  access  to  database  and  database  communication 
systems  are  outlined  in  the  contribution  by  Chamberlain,  Gray,  Griffeths, 
Mresse,  Traiger  and  Wade.  The  final  paper  of  this  section  by  Steven 
Reiss  returns  to  statistical  compromise  with  a detailed  study  of  the 
insecurity  inherent  in  databases  which  allow  a certain  statistical  query 
strategy. 

II.  Encryption  as  a Security  Mechanism 

1.  "A  Structure  Design  of  Substitution  Permutation  Encryption 
Networks"  by  John  Kam  and  George  Davida 

2.  "Proprietory  Software  Protection"  by  Richard  DeMillo,  Richard 
Lipton  and  Leonard  McNeil 

3.  "Encryption  Protocols,  Public  Key  Algorithms  and  Digital 
Signatures  in  Computer  Networks"  by  Gerald  Popek  and  Charles 
K1  i ne 

4.  "Digital  Signatures"  by  Michael  Rabin 

5.  "On  Data  Banks  and  Privacy  Homomorphisms"  by  Ronald  Rivest, 
Leonard  Adleman  and  Michael  Dertouzos 

The  five  papers  presented  here  are  truly  representative  of  current 
research  in  data  encryption.  George  Davida  and  John  Kam  proposed  the 
type  of  substitution-permutation  encryption  design.  Their  intent  is 
to  provide  a variant  of  the  NBS  Data  Encryption  standard  which  obviate 
several  of  the  difficulties  raised  by  Heilman  and  Diffie  and  others. 
Richard  DeMillo,  Leonard  McNeil  and  Richard  Lipton  raised  a novel 
application  for  encryption  research:  the  protection  by  encryption  of 
comnercial  software  from  overt  theft.  Gerald  Popek  and  Charles  Kline 
correctly  point  out  that  oftentimes  the  protocol  through  which 
encryption  algorithms  are  made  available  have  significant  impact  on 
their  effectiveness.  They  examine  several  encryption  methods  from  this 
perspective.  A surprising  probabilistic  method  for  creating  secure 
digital  signatures  is  the  subject  of  Michael  Rabin's  article.  He  pre- 
sents a method  which  can  be  based  upon  any  block  encoding  function 
that  satisfies  two  simple  axioms.  Ronald  Rivest,  Len  Adleman  and 
Michael  Dertouzos  address  the  serious  defect  of  current  methods  for 
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encrypting  data:  coded  information  must  be  decoded  before  it  can  be 
manipulated.  Out  of  all  possible  privacy  transformations,  the 
authors  select  the  privacy  homomorphisms  which  allow  data  to  be  operated 
upon  in  its  encrypted  form. 

III . Design  Oriented  Models  of  Operating  Systems  Security 

1.  "One  Perspective  on  the  Results  About  the  Decidibility  of 
Systems  Security"  by  Robert  Fabry 

2.  "Constraints"  by  F.  Furtek  and  J.  Millen 

3.  "Some  Security  Principles  in  the  Application  of  Computer 
Security"  by  Stockton  Gaines  and  Norman  Shapiro 

4.  "Protection  Mechanism  Models:  Their  Usefulness"  by  Anita  Jones 

5.  "The  Principle  of  the  Attenuation  of  Privilege  and  Its  Ram- 
ifications" by  Naftaly  Minsky 

In  Robert  Fabry's  article  we  see  a designer  struggling  to  come  to 
grips  with  the  real  world  implications  and  with  theoretical  results: 
the  Harrison,  Ruzzo,  Ullman  Decidibility  Theorem.  The  two  part  paper 
by  F.  Furtek  and  J.  Millen  attempts  a simplification  of  several  design 
concepts;  they  represent  a system  of  "prime  constraints",  a concept 
similar  to  prime  implicants  of  switching  theory.  Stockton  Gaines  and 
Norman  Shapiro  take  a step  back  from  detailed  considerations  to  give 
us  an  overview.  They  provide  us  with  some  general  perspectives  and 
the  state  of  security  research  based  on  some  fairly  pragmatic  insights. 
The  contribution  by  Anita  Jones  is  indicative  of  the  fertile  interplay 
of  theory  and  practice  in  security  research;  her  article  was  the  out- 
come of  a designer  assessing  the  usefulness  of  the  take-grant  system 
which  has  been  the  subject  of  extensive  theoretical  analysis.  In  the 
final  paper  of  this  section,  Naftaly  Minsky  addresses  Peter  Denning's 
principle  of  "Attenuation  of  Privilege"  and  presents  an  authorization 
scheme  which  satisfies  the  principle. 

IV.  Theoretical  Models  of  Operating  Systems  Security 

1.  "On  Classes  of  Protection  Systems"  by  R.  Lipton  and  T.  Budd 

2.  "Information  Transmission  in  Sequential  Programs"  by  Ellis  Cohen 

3.  "Monotonic  Protection  Systems"  by  Michael  Harrison  and  Walter 
Ruzzo 

4.  "On  Synchronization  and  Security"  by  Richard  Lipton  and  L. 

Snyder 
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In  this  final  section,  Richard  Lipton  and  Timothy  Budd  open  the 
selection  in  theoretical  contributions  by  showing  us  that  there  is  an 
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efficient  way  to  decide  safety  for  a wide  variety  of  protection  systems. 
The  requirement  is  that  the  systems  must  be  related  in  certain  ways. 

Ellis  Cohen  notes  that  the  various  possibilities  for  information  flow 
in  sequential  programs  and  gives  an  elegant  form  of  treatment  of  his 
ideas.  Michael  Harrison  and  Walter  Ruzzo  extend  their  well-known 
investigation  into  a particular  security  model  by  giving  a character- 
ization of  the  relative  "power"  of  different  operations  allowed  in  the 
model.  In  the  final  paper,  Richard  Lipton  and  Larry  Snyder  proved  the 
surprising  equivalent  of  a well  studied  security  model  with  an  apparently 
unrelated  model  for  synchronizing  parallel  processes. 


The  papers  described  above  and  the  edited  text  of  the  panel  dis- 
cussions and  informal  discussions  appear  in  a volume  entitled  "Foundations 
of  Secure  Computation"  edited  by  Richard  DeMillo,  David  Dobkin,  Anita 
Jones  and  Richard  Lipton  which  was  published  in  late  1978  by  Academic 
Press. 

The  attendees  and  other  reviewers  of  the  book  have  been  enthusiastic 
about  the  outcome.  Not  only  did  we  obtain  a collection  of  first  rate 
contributions  to  security  research,  but  upon  reviewing  the  contents  of 
the  contributions  we  found  an  unexpectedly  large  number  of  survey  papers. 
Therefore,  with  minimal  supplement  by  an  instructor,  the  book  could 
make  an  excellent  text  for  a graduate  course  in  security. 

Meetings  of  this  sort  are  rare.  We  had  an  advantage  in  that 
security  was  being  covered  rather  heavily  by  the  National  Press  at  the 
time  of  our  meeting  and  this  lent  an  air  of  excitement  to  the  gathering, 
but  a meeting  of  active  researchers  in  an  area  in  which  there  is  grow- 
ing interest  clearly  can  have  beneficial  impact  upon  the  future  develop- 
ment of  the  area.  Therefore,  as  a final  personal  note  I should  like  to 
add  not  only  my  thanks  to  the  Office  of  Naval  Research  and  the  U.S. 

Army  Research  Office  for  their  generaous  support  of  our  meeting  but 
would  like  to  strongly  reconmend  that  similar  projects  be  funded  in  the 
future.  As  Michael  Rabin  told  me  at  the  close  of  our  meeting,  such 
gatherings  can  be  a "great  service  to  science." 
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